Mandatory, externally verified cybersecurity certificates are approaching

This article discusses significant advancements in cybersecurity certification, specifically the European Union’s new mandatory certification schemes aimed at enhancing product security. On February 27, 2025, the EU’s Common Criteria certification framework took effect, making it essential for digital products sold within the EU to meet defined security standards. The German Federal Office for Information Security (BSI) has been appointed as the certification body in Germany, advancing compliance under the Cyber Resilience Act.

Source: Industrial Cyber

Key Points

  • As of February 27, 2025, the EU has implemented its first EU-wide cybersecurity certification scheme based on Common Criteria.
  • The BSI is the designated certification body in Germany for this scheme.
  • Medium and high assurance levels are now mandatory, with external assessments required for higher levels.
  • Compliance with the Cyber Resilience Act may necessitate obtaining these new certifications for critical digital products.
  • These certifications aim to establish uniform security standards across the EU market, fostering better product safety.

Why should I read this?

If you’re in the tech or cybersecurity space, this article is a must-read! With mandatory cybersecurity certifications rolling out, understanding these new requirements is key for any business operating in the EU. This means you’ll need to stay ahead of compliance to avoid challenges in the market. We’ve outlined the essentials so you can focus on what really matters.